• When the receiver is parsing the information contained in the Country Information Element ( present normally in beacons and probe request frames ... one of your questions ), it activates a counter and counts octets from the beginning of the Element Id ( 7, as you correctly mentioned ). When it gets to the sixth octet ( first one after the end of the Country Strings ), it does two things:

    1. It checks the value of that sixth octet

    2. It checks the value of an MIB ( Management Information Base ) variable called dot11RegulatoryClassesRequired

    If "1" is less than 201 and "2" is not true ( 0 ), then the sixth, seventh and eighth etc octets are known as a subband triplet, and contain the First Channel Number etc.

    If "1" is greater than or equal to 201 and "2" is true ( 1 ), then the sixth, seventh and eighth etc octets are known as a regulatory triplet, and contain the Regulatory Extension Identifier etc.

    Without going into the details, the latter ( Regulatory Extension Identifier ) came about due to some requirements that Japan had. The IEEE had to come up with some very clever changes to accommodate the Japanese requirements. This then formed part of IEEE 802.11j

    IEEE 802.11d and IEEE 802.11j were then rolled up into IEEE 802.11-2007.

    You can find some useful information related to Regulatory Classes etc in the following doc:

    IEEE 802.22 - 09/0081r0


  • As an example of how complex IEEE naming can get ( re operating classes and regulatory classes ), I have included a clip from an IEEE doc where various groups make proposals:


    "In every country, equipment that conforms to IEEE 802.11 must meet regulatory requirements in order to be sold and to be operated. The knowledge of the regulatory requirements is shared among all the approved devices - masters must know rules for master devices, clients must know rules for client devices. Submission 802.11-10/210r6 was incorporated into 802.11mb Draft 3.0 and circulated in 802.11 LB162, with all comments recorded in 11-09/706r11. No comments were received on the changes that renamed Regulatory Class to Operating Class, and added global operating classes Table J-4. Submission 10/210r6 was subsequently modified to be applied to amendments that complete before REVmb. In TGs LB161, comment 3109 was submitted to incorporate 802.11-10/210r7 into the TGs draft, as recorded in 11-10/478r2. If TGs accepts the comment in some form and maintains their aggressive schedule, it is likely that by July 2010 the 11af baseline will contain text for "Operating classes."

    TGaf should retain text in our draft that is effective with or without 11s or 11mb in our baseline."

    Anyways, if we stick to "Regulatory" instead of "Operating", we won't go far wrong as far as IEEE-802.11 -2007 is concerned.


  • By the way, if some kind soul can stick a frame capture up somewhere showing country information elements, we can start to dissect them.


  • Country string information can be obtained from the following:

    First two octets cover the country code from the previous.

    Last octet gives us "I" or "0" in ASCII to designate either indoor or outdoor operation. A space character is used to designate usage of both


  • Now let's take a look at a MIB variable called dot11ChannelStartingFactor.

    The channel starting frequency ( a variable used in formulas that can be used by programmable synthesizers in APs and STAs ) is given by:

    dot11ChannelStartingFactor times 500 KHz, when dot11RegulatoryClassesRequired is true


    When dot11RegulatoryClassesRequired is false, then we simply use a value of 5 GHz.

    Now, the Channel Center Frequency = Channel starting frequency + 5 × nch (MHz)

    nch = 0, 1, ..., 200 ( This is where the "less than 201" value comes in in the posts before. That is, it acts as a differentiator between the "First Channel" and "Regulatory Identifier" triplets ).

    Let's look at an example:

    dot11RegulatoryClassesRequired is false, nch = 0, 1, ..., 200

    US regulatory domain. H band. UNII 2e. Say, channel 112.

    Channel Starting Frequency of 5 GHz value is used

    Center Frequency = Channel starting frequency + 5 × nch (MHz)

    = 5 GHz + 5 times 112 MHz

    = 5 GHz + 560 MHz

    = 5.560 GHz

    We can confirm this by checking in ( e.g. ) the CWDP Study Guide P 29

    Now, because of the unusual channel setup required for operation in Japan, a new scheme had to be thought of, instead of just having a fixed value of 5 GHz. This was fortuitous as it laid the way for future ( not yet applied ) spectrum values with having to perform massive hardware changes.

    The dot11ChannelStartingFactor is the important link to allowing synthesizers to "create" channel frequencies outside the traditional ones we are used to.

    The dot11ChannelStartingFactor is linked to a value known as a "Regulatory Class" ( we'll look at that in another post )


  • Dave,

    In this line of yours:
    [quote]When dot11RegulatoryClassesRequired is false, then we simply use a value of 5 GHz.[/quote]
    ...wouldn't that be a value of 5 MHz?

    From a capture somewhere, I have this:
    [code]Element ID: 7 Country
    Length: 6
    Country Code: US
    Starting Channel: 1
    Number of Channels: 11
    Max Tx Power (dBm): 16[/code]

    I have a feeling it's not the capture you want though. Are you calling the 'first octet' the bit just after where the country code string is? (in this case US). I think I might be missing something here again.

  • Tks Spice_Boy

    Actually it is 5 GHz. It can be a bit confusing with two number "5's" floating around.

    The "first 5" refers to the Channel Starting Frequency, in other words a baseline. That value of 5 GHz was developed to give an easy formula when all we had was UNII 1, 2, 2e and 3.

    When Japan came into the picture, it used a number of other channel plans such as in 4.9 - 5.0 GHz.

    This now "messed up" the formula of 5 Gigs plus channel number times 5 MHz ( the second "5" ).

    In order to get "down below" 5 GHz, the IEEE proposed using the "dot11ChannelStartingFactor". This value is linked to the Regulatory Class which I shall mention in the next post.

    The trace shows some interesting stuff:

    First off we can see our Element ID of 7 ( Country Information Element )

    The length is given as six octets ( length is given as the number of octets after the length field itself )

    Country String 1
    Country String 2
    Country String 3
    First Channel Number
    Number of Channels
    Maximum Transmit Power

    Note that depending upon the actual frame analyzer software, the fields described may not use the same nomenclature as the IEEE docs. Also, not all the detail may be provided in certain views.

    E.g. The info in Country String 1 -3 may be given in more detail in hex view etc.
    If we could look at the "nitty gritty view" we would probably see that the Country Code for the US would simply be the equivalent for the letters "US" from our code list:

    We can see that we have 11 channels which matches up with the FCC regs for the US, and that the first channel number is 1 ( 2.4 GHz ).

    We can also see the max tx power level of 16 dBm

    Yes, the first octet after the Country stuff tells us whether we are looking at "First Channel Number" or "Regulatory Extension Identifier"


  • So, now we can start to tie all this together. We know that we start off with an Element ID followed by a Length value, followed by three Country String Octets ( these values tell us which country we are looking at and some info about indoor/outdoor use ). When IEEE 802.11d first came out, the next three octets gave First Channel Number/Number of Channels/Maximum Transmit Power Level values.

    With the introduction of IEEE 802.11j, new elements were introduced. If the value of the sixth octet was greater than or equal to 201, we would have Regulatory Extension Number/ Regulatory Class/ Coverage Class.

    Now, if we look at Annex J, Table J.3 ( IEEE 802.11-2007 ) for example, we can see a number of Regulatory Class values for Japan. For example, Class 7 tells us that the channel starting frequency is 5 GHz, the channel spacing is 20 MHz, the group of channels whose parameters will be discussed next is: 184, 188, 192, and 196. The transmit power limit is 24 dBm. Emissions Limit Sets would give information on such things as power spectral density etc. Behaviour Limits would include such things as Transmit Power Control and IBSS restrictions.

    The last two items may be found in the following document. I had to go through a mountain of on-line documentation to find this:

    Google IEEE 802.22 - 09/0081r0 ( same as previously mentioned ).

    Finally, looking at the first document you provided, we can see some information below:

    Table 7-26baf1 - Country field triplets
    Name | 1st octet | 2nd octet | 3rd octet
    Channel-power triplet | Channel power identifier (202) | Channel number | Maximum transmit power level
    Operating triplet | Operating extension identifier (201) | Operating class | Coverage class
    Subband triplet | First channel number (1-200) | Number of channels | Maximum transmit power level

    Where did that come from ?

    When an IEEE 802.11 doc is changed, for example when IEEE 802.11-2007 was produced, it included a whole load of changes from the previous one. These changes did not take place overnight. Changes had to be proposed, discussed and finally agreed upon ( the IEEE has a very interesting general consensus method of finalising things. It's usually something like a 75% agreement. This is a good thing, as an already pretty slow ( and it has to be to get it right ) procedure would take forever if 100% agreement was required ( the Wi-Fi Alliance usually gets cracking to bring products to market with draft documents way before most IEEE specs are finalized ) ).

    Loads of documents are produced and made public by the various task groups/work groups. I think in the case of that document, the next time we see IEEE802.11-2012 or whatever, the nomenclature changes will have occurred.

    Hope this has been helpful for you.


  • Ah, that second '5' was the one I was thinking of.
    Here is the hex version of that country capture:
    [code]07 06 55 53 20 01 0b 10[/code]

    Hope the original poster hasn't run away!

    I'm going to make a bit of a library of various captures for reference. I use Linux to capture and save with Wireshark, but to make them look 'pretty' for a web page, OmniPeek can export them to a nice view.

  • So, now we can decode some of this:

    07 06 55 53 20 01 0b 10

    We can see our element ID: 7 decimal

    Our length is: 6 decimal

    Looking at the following table, we can see the hex representation of the ASCII letters US as being: 55 hex followed by 53 hex:

    Now, again looking at the ASCII table, we see that 20 hex corresponds to a "space" character in ASCII. From a previous post we saw that a "space" character corresponds to Indoor/Outdoor use.

    The next character 01, shows that the first channel number is 1 decimal

    The next character 0b hex corresponds to 11 decimal ( 11 channels, 2.4 GHz, USA )

    Lastly, 10 hex corresponds to 16 decimal ( our tx power level of 16 dBm )

    Must sleep, fingers going numb, fading away.....zzzzzzz
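
Added example, not part of the original thread: a bounds-checked Python decoder for the Country element walked through in the posts above, run on the posted capture and on a constructed Japan sample. The `regulatory_classes_required` parameter is a hypothetical stand-in for the receiver's dot11RegulatoryClassesRequired value, and a first octet below 201 is decoded as a subband triplet whatever that flag says.

```python
COUNTRY_ELEMENT_ID = 7
ENVIRONMENT = {" ": "indoor and outdoor", "I": "indoor", "O": "outdoor"}


def parse_country_ie(raw: bytes, regulatory_classes_required: bool = False) -> dict:
    """Decode one Country element taken from an untrusted beacon or probe response.

    regulatory_classes_required is a hypothetical parameter standing in for the
    receiver's dot11RegulatoryClassesRequired MIB value.
    """
    if len(raw) < 2:
        raise ValueError("truncated element header")
    element_id, length = raw[0], raw[1]
    if element_id != COUNTRY_ELEMENT_ID:
        raise ValueError(f"element ID {element_id} is not Country (7)")
    body = raw[2:2 + length]
    if len(body) != length:
        raise ValueError("length field runs past the end of the buffer")
    if length < 6:
        raise ValueError("need three country-string octets and one triplet")
    rest = body[3:]
    if len(rest) % 3 == 2:
        raise ValueError("incomplete triplet")  # one spare octet is treated as padding
    triplets = []
    for i in range(0, len(rest) - len(rest) % 3, 3):
        first, second, third = rest[i:i + 3]
        if first < 201:
            triplets.append({"kind": "subband", "first_channel": first,
                             "num_channels": second, "max_tx_power_dbm": third})
        elif regulatory_classes_required:
            triplets.append({"kind": "regulatory", "extension_id": first,
                             "regulatory_class": second, "coverage_class": third})
        else:
            # Identifier >= 201 seen by a receiver that does not decode such triplets.
            triplets.append({"kind": "undecoded", "octets": bytes((first, second, third))})
    return {"country": body[0:2].decode("ascii", errors="replace"),
            "environment": ENVIRONMENT.get(chr(body[2]), "unknown"),
            "triplets": triplets}


# Capture posted in the thread (US, 2.4 GHz).
THREAD_CAPTURE = bytes.fromhex("07 06 55 53 20 01 0b 10")
# Constructed sample: regulatory triplet (201, class 7) followed by a subband triplet.
CONSTRUCTED_JP = bytes.fromhex("07 09 4a 50 20 c9 07 00 b8 04 18")

if __name__ == "__main__":
    print(parse_country_ie(THREAD_CAPTURE))
    print(parse_country_ie(CONSTRUCTED_JP, regulatory_classes_required=True))
```

The length checks come first because the element arrives in unauthenticated management frames, so the Length octet cannot be trusted to match the bytes actually received.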

